DETAILED ACTION
Response to Amendment 

1. This communication is in response to the amendment filed on September 13,
2006. Claims 1 and 22-28 are currently pending consideration.

Response to Arguments 

2. Applicant's arguments, see Applicant's Remarks, pages 2-8, filed on September 
13, 2006 with respect to the rejection(s) of claim(s) 1, 22-28 under U.S.C. 103(a) as
being obvious over Holloway et al. (U.S. Patent 5,805,801) in view of Sofer et al. (U.S. 
Patent 5,489,896) have been fully considered and are persuasive. Therefore, the 
rejection has been withdrawn. However, upon further consideration, a new ground(s) of 
rejection is made in view of Sherer (U.S. Patent No. 5,935,245). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-21 are rejected under 35 U.S.C. 103(a) as being anticipated by
Holloway et al. US (5,805,801) in view of Sofer et al. US (5,489,896) and further in view of
Sherer (U.S. Patent No. 5,935,245).

As per claim 1: Holloway discloses a MAC (media access control) address based
communication restricting method using access vectors stored in address tables,
wherein the access vectors indicate whether two nodes, corresponding to a MAC
source address and a MAC destination address, may access each other (Col 3, lines
15-16), the method comprising the steps of: receiving packet data upon request of
communication through at least one port of a plurality of ports of an Ethernet switch
(Coll 6, lines 27-30). Holloway teaches obtaining the destination MAC addresses
through the discovery phase (item 145 of FIG. 10 and item 131 of FIG 11) but Holloway
doesn't explicitly teach reading a MAC destination address and a MAC source address
included in the received packet data. However, Sofer discloses a MAC address-based
communication access control method (Col 3, lines 49-52), where he teaches the use
of a MAC address stripper to extract the source and destination MAC addresses from a
packet (Col 4, lines 13-22). Therefore it would have been obvious to one of ordinary skill
in the art at the time the invention was made to modify Holloway's invention with the
teachings of Sofer to include a MAC stripper to extract the MAC destination and source
addresses from the received packets. One would be motivated to do so in order to
provide the system with the ability to determine where the packet came from, where
the packet is headed, and whether it is headed to a protected destination. Detecting in an
address table access vectors corresponding to the MAC destination and source
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 / Holloway teaches using a
combination of data structures, AAL (access authorization list) and ICD (interconnected
device list); the ICD will contain information on connected MAC addresses to the specific
managed hub while the AAL will contain the security access control information for each
device. The combination of those two will perform the same function as the address
table). Denying access if the access vectors of the MAC destination and source
addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an
unauthorized station connecting to the LAN the hub disables the port; disabling the port
on the hub will perform the step of denying access).

Holloway-Sofer does not disclose that the access vectors are "bit vectors" which
are used to allow or disallow forwarding to a destination address. Sherer discloses a
MAC security method which uses Value Bit Vectors and Don't Care Bit Vectors to
allow or disallow incoming packets (column 6 lines 29-46). These bit vectors are used
in a comparison mechanism which compares the values stored in the vectors, and if
verified, the packet reception and forwarding is allowed, and otherwise, the packet is
discarded (column 6 lines 30-46). It would have been obvious to use the bit vectors of
the Sherer invention to improve security in a LAN by using pattern matching, which
allows verification to take place anywhere in the packet by using the bit vector
(Sherer: column 7 lines 12-25).
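
The value / don't-care comparison described in the paragraph above, as an added example that is not part of the Office action or of any cited patent. It assumes the usual masked-compare reading (a bit is checked against the value vector only where the don't-care vector is 0); the struct, function name and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical filter entry: compare `len` bytes of the frame starting at
 * `offset` against `value`, ignoring every bit that is set in `dont_care`.
 * The offset is what lets the check sit anywhere in the packet. */
struct bit_filter {
    size_t offset;
    size_t len;
    const uint8_t *value;
    const uint8_t *dont_care;
};

enum verdict { DISCARD = 0, FORWARD = 1 };

/* FORWARD only if every compared bit equals the value vector.
 * A frame too short to hold the whole window is discarded (fail closed). */
enum verdict apply_filter(const struct bit_filter *f,
                          const uint8_t *frame, size_t frame_len)
{
    if (f->offset > frame_len || f->len > frame_len - f->offset)
        return DISCARD;
    uint8_t diff = 0;
    for (size_t i = 0; i < f->len; i++) {
        /* XOR marks differing bits; the mask drops the "don't care" bits. */
        diff |= (uint8_t)((frame[f->offset + i] ^ f->value[i])
                          & (uint8_t)~f->dont_care[i]);
    }
    return diff == 0 ? FORWARD : DISCARD;
}

/* Constructed frames: destination MAC (6), source MAC (6), EtherType (2). */
static const uint8_t frame_ok[]  = {0x02,0x00,0x00,0x00,0x00,0x01,
                                    0x02,0xAA,0xBB,0x10,0x20,0x30, 0x08,0x00};
static const uint8_t frame_bad[] = {0x02,0x00,0x00,0x00,0x00,0x01,
                                    0x02,0xAA,0xCC,0x10,0x20,0x30, 0x08,0x00};

/* Filter on the source MAC at offset 6: the first three bytes must be
 * 02:AA:BB, the last three bytes are "don't care". */
static const uint8_t src_value[6]     = {0x02,0xAA,0xBB,0x00,0x00,0x00};
static const uint8_t src_dont_care[6] = {0x00,0x00,0x00,0xFF,0xFF,0xFF};
static const struct bit_filter src_prefix = {6, 6, src_value, src_dont_care};

int main(void)
{
    printf("frame_ok:  %s\n",
           apply_filter(&src_prefix, frame_ok, sizeof frame_ok) ? "forward" : "discard");
    printf("frame_bad: %s\n",
           apply_filter(&src_prefix, frame_bad, sizeof frame_bad) ? "forward" : "discard");
    printf("truncated: %s\n",
           apply_filter(&src_prefix, frame_ok, 8) ? "forward" : "discard");
    return 0;
}
```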

As per claim 22: Holloway discloses a packet switch communication method,
comprising the steps of:

receiving packet data upon request of communication through at least one port of
a plurality of ports of said packet switch (Coll 6, lines 27-30);

determining whether said received MAC source address is stored in an address
table having an access vector indicating whether allowance for access of client nodes is
made or not, wherein each client node is identified by at least corresponding MAC
address (item 132 of FIG 11 and Col 11 lines 14-16);

when it is determined that said MAC source address is stored in said address
table, determining whether an access vector corresponding to said received MAC
destination address is matched with an access vector corresponding to said received
MAC source address, wherein both of the access vectors are stored in said address
table (Col 11, lines 46-50);

if the access vectors corresponding to said received MAC destination and source
addresses are matched, transmitting said received packet data to a MAC destination
address (Col 3, Lines 9-11); and

denying access if said access vectors of said received MAC destination and
source addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an
unauthorized station connecting to the LAN the hub disables the port; disabling the port
on the hub will perform the step of denying access).

Holloway teaches obtaining the destination MAC addresses through the
discovery phase (item 145 of FIG. 10 and item 131 of FIG 11) but Holloway doesn't
explicitly teach reading a MAC destination address and a MAC source address
included in the received packet data. However, Sofer discloses a MAC address-based
communication access control method (Col 3, lines 49-52), where he teaches the use
of a MAC address stripper to extract the source and destination MAC addresses from a
packet (Col 4, lines 13-22). Therefore it would have been obvious to one of ordinary skill
in the art at the time the invention was made to modify Holloway's invention with the
teachings of Sofer to include a MAC stripper to extract the MAC destination and source
addresses from the received packets. One would be motivated to do so in order to
provide the system with the ability to determine where the packet came from, where
the packet is headed, and whether it is headed to a protected destination. Detecting in an
address table access vectors corresponding to the MAC destination and source
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 / Holloway teaches using a
combination of data structures, AAL (access authorization list) and ICD (interconnected
device list); the ICD will contain information on connected MAC addresses to the specific
managed hub while the AAL will contain the security access control information for each
device. The combination of those two will perform the same function as the address
table). Denying access if the access vectors of the MAC destination and source
addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an
unauthorized station connecting to the LAN the hub disables the port; disabling the port
on the hub will perform the step of denying access).

Holloway-Sofer does not disclose that the access vectors are "bit vectors" which 
are used to allow or disallow forwarding to a destination address. Sherer discloses a 



Application/Control Number: 09/899,293

Art Unit: 2131 

MAC security method which uses Value Bit Vectors and Don't Care Bit Vectors to
allow or disallow incoming packets (column 6 lines 29-46). These bit vectors are used
in a comparison mechanism which compares the values stored in the vectors, and if
verified, the packet reception and forwarding is allowed, and otherwise, the packet is
discarded (column 6 lines 30-46). It would have been obvious to use the bit vectors of
the Sherer invention to improve security in a LAN by using pattern matching, which
allows verification to take place anywhere in the packet by using the bit vector
(Sherer: column 7 lines 12-25).

As per claim 23: Holloway discloses the method as set forth in claim 22, further 
comprising the steps of: 

configuring an anti-hacker table comprising information pertaining to a plurality of 
the client nodes and a plurality of server nodes of a network, wherein each server node 
is identified by at least a corresponding MAC address (Col 7, Lines 7-13 and FIG 7); 

when it is determined that said received MAC source address is not stored in 
said address table, determining whether information corresponding to said received 
MAC source address is stored in said anti-hacker table (item 135 of FIG 11, Col 11 lines 
21-29, item 137 of FIG 11 and Col 11 lines 31-34); and

when it is determined that said received MAC source address is stored in said 
anti-hacker table, modifying an access vector in said MAC source address to a security 
key, to thereby store the modified address in said address table (item 320 of FIG 13 and 
Col 13 lines 34-36 / setting the filter in Holloway's system performs the task of setting
security by defining which MAC addresses are allowed or denied access to the
destination MAC addresses).

As per claim 24: Holloway discloses the method as set forth in claim 23, further 
comprising the steps of: 

adding a port number, corresponding to the port through which said packet data 
was received, to a storage area corresponding to said MAC source address received in 
said anti-hacker table (item 265 of FIG 12 and Col 12 lines 17-20). 

As per claim 25: Holloway discloses a packet switch communication method, 
comprising the steps of: 

receiving packet data upon request of communication through at least one port of 
a plurality of ports of said packet switch (Col 6, lines 27-30); 

determining whether said received MAC source address is stored in an address 
table having an access vector indicating whether allowance for access of client nodes is 
made or not, wherein each client node is identified by at least corresponding MAC 
address (item 132 of FIG 11 and Col 11 lines 14-16); 

when it is determined that said received MAC source address is not stored in 
said address table determining whether information corresponding to said received 
MAC source address is stored in said anti-hacker table (item 220 of FIG 12 and Col 11,
lines 62-64); and

when it is determined that said received MAC source address is stored in an anti-hacker
table, modifying an access vector in said MAC source address to a security key,
to thereby store the modified address in the said address table, said anti-hacker table
comprising information pertaining to a plurality of said client nodes and a plurality of
server nodes of a network, wherein each server node is identified by at least
corresponding MAC address (item 320 of FIG 13 and Col 13 lines 34-36 / setting the
filter in Holloway's system performs the task of setting security by defining which MAC
addresses are allowed or denied access to the destination MAC addresses).

Holloway teaches obtaining the destination MAC addresses through the
discovery phase (item 145 of FIG. 10 and item 131 of FIG 11) but Holloway doesn't
explicitly teach reading a MAC destination address and a MAC source address
included in the received packet data. However, Sofer discloses a MAC address-based
communication access control method (Col 3, lines 49-52), where he teaches the use
of a MAC address stripper to extract the source and destination MAC addresses from a
packet (Col 4, lines 13-22). Therefore it would have been obvious to one of ordinary skill
in the art at the time the invention was made to modify Holloway's invention with the
teachings of Sofer to include a MAC stripper to extract the MAC destination and source
addresses from the received packets. One would be motivated to do so in order to
provide the system with the ability to determine where the packet came from, where
the packet is headed, and whether it is headed to a protected destination. Detecting in an
address table access vectors corresponding to the MAC destination and source
address (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9 / Holloway teaches using a
combination of data structures, AAL (access authorization list) and ICD (interconnected
device list); the ICD will contain information on connected MAC addresses to the specific
managed hub while the AAL will contain the security access control information for each
device. The combination of those two will perform the same function as the address
table). Denying access if the access vectors of the MAC destination and source
addresses are not matched (Col 3, Lines 9-11; if the managed hub detects an
unauthorized station connecting to the LAN the hub disables the port; disabling the port
on the hub will perform the step of denying access).

Holloway-Sofer does not disclose that the access vectors are "bit vectors" which
are used to allow or disallow forwarding to a destination address. Sherer discloses a
MAC security method which uses Value Bit Vectors and Don't Care Bit Vectors to
allow or disallow incoming packets (column 6 lines 29-46). These bit vectors are used
in a comparison mechanism which compares the values stored in the vectors, and if
verified, the packet reception and forwarding is allowed, and otherwise, the packet is
discarded (column 6 lines 30-46). It would have been obvious to use the bit vectors of
the Sherer invention to improve security in a LAN by using pattern matching, which
allows verification to take place anywhere in the packet by using the bit vector
(Sherer: column 7 lines 12-25).

As per claim 26: Holloway discloses a MAC (media access control) address-based 
communication restricting packet switch comprising: 



a plurality of MAC ports (Col 4, line 67 through Col 5, line 1);

a data exchange for establishing paths of packet data between MAC ports; 

a packet memory storing an address table having access vector indicating 
whether allowance for access of client nodes is made or not, wherein each client node 
is identified by at least corresponding MAC address (FIG 6 and Col 9, Lines 49-51 with 
Col 3, lines 7-9) said port table storing information about a current status of the packet 
switch, port attributes and enable/disable, and packet reception completion of each 
MAC port (Col 11, lines 44-50) and said address table storing registered MAC
addresses, destination access vectors corresponding to destination MAC addresses of 
said registered MAC addresses (FIG 6 and Col 9, Lines 49-51 with Col 3, lines 7-9); 

a transmission/reception controller controlling data exchange (Col 5, lines 2-12); 

wherein said transmission/reception transmits said received packet data to a 
MAC destination address when said received MAC source address is stored in said 
address table and if an access vector corresponding to said received MAC source 
address is matched with an access vector corresponding to said received MAC source 
address (Col 3, Lines 9-11).

denies access if said access vectors of said received MAC destination and
source addresses do not match (Col 3, Lines 9-11; if the managed hub detects an
unauthorized station connecting to the LAN the hub disables the port; disabling the port
on the hub will perform the step of denying access).

Holloway does not disclose that the access vectors are "bit vectors" which are
used to allow or disallow forwarding to a destination address. Sherer discloses a MAC
security method which uses Value Bit Vectors and Don't Care Bit Vectors to allow or
disallow incoming packets (column 6 lines 29-46). These bit vectors are used in a
comparison mechanism which compares the values stored in the vectors, and if verified,
the packet reception and forwarding is allowed, and otherwise, the packet is discarded
(column 6 lines 30-46). It would have been obvious to use the bit vectors of the Sherer
invention to improve security in a LAN by using pattern matching, which allows
verification to take place anywhere in the packet by using the bit vector (Sherer:
column 7 lines 12-25).



As per claim 27: Holloway discloses a MAC address-based communication restricting 
packet switch communication method as set forth in claim 26, 

when said received MAC source address is not stored in the address table, and if 
information corresponding to the received MAC source address is stored in an anti- 
hacker table, modifying an access vector in said MAC source address to a security key, 
to thereby store the modified address in the said address table, wherein said anti- 
hacker table comprises information pertaining to a plurality of client nodes and a 
plurality of server nodes, wherein each server node is identified by at least 
corresponding MAC address (item 320 of FIG 13 and Col 13 lines 34-36 / setting the
filter in Holloway's system performs the task of setting security by defining which MAC
addresses are allowed or denied access to the destination MAC addresses).

As per claim 28: Holloway discloses a MAC address-based communication restricting
packet switch communication method as set forth in claim 27, wherein said
transmission/reception controller adds a port number, corresponding to the MAC port
through which said data packet was received, to a storage area corresponding to said
received MAC source address in said anti-hacker table (item 265 of FIG 12 and Col 12
lines 17-20).



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 